SDN

Aws EC2 MACVLAN

Amazon EC2 networking doesn’t allow to use private ips in the containers through bridges or macvlan. Dedicating a network interface to a container makes it directly unreachable from the host. docker network create -d macvlan --subnet 172.30.80.0/20 --gateway 172.30.80.1 -o parent=eth0 pub_net docker run -d --network pub_net --ip 172.30.80.10 busybox

SR-IOV vs DPDK/VPP for NFV

Linux Bridge supported GRE Tunnels, but not the newer and more scalable VXLAN model https://vincent.bernat.ch/en/blog/2017-vxlan-linux This post will talk about the various building blocks available to speed up packet processing both hardware based e.g.SR-IOV, RDT, QAT, VMDq, VTD and software based e.g. DPDK, Fd.io/VPP, OVS etc and give hands on lab experience https://www.telcocloudbridge.com/blog/dpdk-vs-sr-iov-for-nfv-why-a-wrong-decision-can-impact-performance/

Vpn With Wireguard

安装 sudo add-apt-repository ppa:wireguard/wireguard sudo apt-get update sudo apt-get install wireguard -y 打开安全组 配置 创建key wg genkey | tee privatekey | wg pubkey > publickey 配置 ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000 link/ether 0a:81:39:72:97:90 brd ff:ff:ff:ff:ff:ff inet 10.

Vpn客户端设置参考

安装 https://download.wireguard.com/windows-client/wireguard-amd64-0.0.38.msi 配置 更改公钥 Endpoint所在的vpn服务器地址 https://github.com/Nyr/openvpn-install https://github.com/hwdsl2/setup-ipsec-vpn https://wireguard.isystem.io/ https://github.com/meshbird/meshbird https://www.tinc-vpn.org/ https://github.com/isystem-io/wireguard-aws Download and install the TunSafe, which is a Wireguard client for Windows. wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh --2020-01-01 22:26:54-- https://git.io/vpnsetup Resolving git.io (git.io)... 54.165.216.26, 54.224.175.112, 34.227.147.55, ... Connecting to git.io (git.io)|54.165.216.26|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/vpnsetup.sh [following] --2020-01-01 22:26:55-- https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/vpnsetup.sh Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.188.133 Connecting to raw.

Linux Bridge

Some things worth noting in br_add_if: Only ethernet like devices can be added to bridge, as bridge is a layer 2 device. Bridges cannot be added to a bridge. New interface is set to promiscuous mode: dev_set_promiscuity(dev, 1) https://goyalankit.com/blog/linux-bridge

Aws EC2 多网卡配置

We can no longer assign a public IP address to your instance The auto-assign public IP address feature for this instance is disabled because you specified multiple network interfaces. Public IPs can only be assigned to instances with one network interface. To re-enable the auto-assign public IP address feature, please specify only the eth0 network interface. ip MAC=`curl http://169.254.169.254/latest/meta-data/mac` curl http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/local-ipv4s 配置第二块网卡 ip a | grep ^[[:digit:]] tee -a /etc/network/interfaces.

Kernel Bypass Networking

RDMA (Remote Direct Memory Access), TOE (TCP Offload Engine), and OpenOnload. More recently, DPDK (Data Plane Development Kit) has been used in some applications to bypass the kernel, and then there are new emerging initiatives such as FD.io (Fast Data Input Output) based on VPP (Vector Packet Processing). More will likely emerge in the future. Technologies like RDMA and TOE create a parallel stack in the kernel and solve the first problem (namely, the “kernel is too slow”) while OpenOnload, DPDK and FD.